I think i got "hacked" (german)

Hi! As i came back from my holiday my sister showed me this email she got: < START > Received: from [172.20.1.104] (helo=mailgate6.cinetic.de) by mx06.web.de with esmtp (WEB.DE(Exim) 4.75 #2) id 17hHVy-0004sp-01 for grundwasser16@web.de; Wed, 21 Aug 2002 00:30:18 +0200 Received: from hotmail.com (f176.law11.hotmail.com [64.4.17.176]) by mailgate6.cinetic.de (8.11.2/8.11.2/WEBDE Linux 8.11.0-0.2) with ESMTP id g7KLA2w06138 for ; Tue, 20 Aug 2002 23:10:02 +0200 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 20 Aug 2002 14:09:58 -0700 Received: from 217.233.67.236 by lw11fd.law11.hotmail.msn.com with HTTP; Tue, 20 Aug 2002 21:09:58 GMT X-Originating-IP: [217.233.67.236] From: "R K" To: grundwasser16@web.de Subject: Hallo Sissy... !!!! Date: Tue, 20 Aug 2002 23:09:58 +0200 Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Message-ID: X-OriginalArrivalTime: 20 Aug 2002 21:09:58.0686 (UTC) FILETIME=[F0C583E0:01C2488D] Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by mailgate6.cinetic.de id g7KLA2w06138 Na, wie geht´s dem Freund??? Na ja, egal, mit 17 ist ja noch alles offen, und vielleicht findet sich beim chatten ja was richtiges. Oder ist bei Euch in Lorch nix los?? Kann ja mal anrufen bei Dir: 071xx/9155xx Was machst Du so, wenn du mal nicht im Internet surfst und deine Spuren hinterlässt??? Wie sieht´s mit der Mittleren Reife aus? Alles gut überstanden?? Na ja, wer immer "Wer wird Millionär" schaut, kann ja gar nicht schlecht sein... grins... Du solltest Dich mal ERNSTHAFT mit Mario unterhalten, schliesslich sollte er ja "vom Fach" sein... Vielleicht weiss er ja, WOHER ICH ALL DEINE DATEN HABE, OBWOHL ICH HUNDERTE KM ENTFERNT BIN!!!!!! THINK SAFE!!! KEEP YOUR PC SAFE!!!! Greetzzzz vom HACKerKinG PS ich habe weder mit dir jemals gechatted noch kenne ich dich in irgendeiner form ... UND TROZDEM IST NICHTS FIKTIV! Bedenke BIG BROTHER IS WATCHING YOU!! Ask for more!!!!! ... and youll get the answer _________________________________________________________________ Mit MSN Fotos können Sie kinderleicht Ihre Fotos ausdrucken und Freunden zur Verfügung stellen: http://photos.msn.de http://photos.msn.de> < STOP > I am running 2 PCs, SuSE7.3 (PDC, Web, Mail, edonkey, ircd. Not updated for 23days) and SuSE7.2 (SuSEfirewall2. not updated for 13days). I could not find anything interesing in my logfiles. Seems like he never touched my server, but if he really got in i would not find the tracks anyway, her will have removed them. But i doubt that he is a professional. His name does look like a script kiddy, his mailaddress at hotmail is a sign for a scriptkiddy, too. Not logs from a network scanner, nothing. I hope that he just got in contact with the w2k client, not with my servers. The w2k SP2 workstation where my sister works on was not infected by a trojan (Scanned by norton anti virus 2002). What do i do next, how can i dected my security hole? I want to find the hole, before i install my Servers again. Any tip, hint, would be great! Thanks! Mario Ohnewald p.s. I hope i have told you everything you have to know.